#terragrunt (2020-12)
Terragrunt discussions
Archive: https://archive.sweetops.com/terragrunt/
2020-12-02
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
Hi, do you know if there is a way to specify which AWS credentials to use in kubergrunt please?
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
for example
kubergrunt eks deploy --region eu-west-1 --asg-name k8s_workers_windows --kubectl-context-name k8s-test
only works when targeting my default AWS account
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
to make the command work with any other account, I need to export the AWS access and secret keys like so:
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
![pjaudiomv avatar](https://secure.gravatar.com/avatar/40f13c8f113a13f5b9730c8cd47ec9ee.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
You can probably use the AWS_PROFILE env var
2020-12-03
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
yep, that worked. thanks!
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
not sure how easy/hard it would be to add the AWS profile to kubergrunt but that it would be a nice to have…
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
![Andrea avatar](https://secure.gravatar.com/avatar/acdfeac73836288ce6bc19b5b6cb051f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
thanks @pjaudiomv!
2020-12-07
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
Is there a way to do good old terraform in a terragrunt.hcl file?
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I would like to construct iam policy documents using data calls and then passing them in the inputs = { }
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
in order to use https://github.com/cloudposse/terraform-aws-iam-role
A Terraform module that creates IAM role with provided JSON IAM polices documents. - cloudposse/terraform-aws-iam-role
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I haven’t tested it, but you might be able to do it by:
• Adding a generate
block in terragrunt to write out a data source into your terraform module
• Putting an [override.tf](http://override.tf)
file next to your terragrunt.hcl
file where you override the policy field of the role to point to your generated data source
Override files docs: https://www.terraform.io/docs/configuration/override.html
Personally, I just use jsonencode
and create the IAM Policy in terragrunt
Override files allow additional settings to be merged into existing configuration objects.
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
jsonencode
is really nice because you can use terragrunt vars / dependency outputs the same way you’d use with iam_policy data sources
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
Can you paste an example of using jsonencode?
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I am guessing what you mean is you’re using a module written in terraform that uses jsonecode to generate IAM policy documents using the output of dependency blocks in terragrunt
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
include {
path = find_in_parent_folders("terragrunt-config-dev.hcl")
}
terraform {
source = "git::[email protected]:terraform-aws-modules/terraform-aws-iam//modules/iam-policy?ref=v3.4.0"
}
dependency datadog_param {
config_path = "${get_parent_terragrunt_dir()}/foo/bar/datadog_ssm_param"
}
dependency ssh_key_param {
config_path = "${get_parent_terragrunt_dir()}/foo/baz/ssh_key_param"
}
inputs = {
name = "FooBarPolicy"
description = "demo policy"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Sid = "AllowFetchingSecrets"
Effect = "Allow"
Action = [
"ssm:GetParameter",
"ssm:GetParameters",
"secretsmanager:GetSecretValue"
]
Resource = [
dependency.datadog_param.outputs.arn,
dependency.ssh_key_param.outputs.arn,
]
},
{
Sid = "AllowReadingKms",
Effect = "Allow",
Action = "kms:*",
Resource = "*",
}
]
})
}
Nah, I create the policy entirely in terragrunt
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
hm
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
What does datadog_param
do?
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
Is it just a data-call module?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
It’s just another module. In this case, it creates an SSM SecureString parameter. Then this policy module says to create an IAM Policy that has permissions to read/decrypt that SSM Parameter’s value
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
Do you store the value of the DD api key in SSM using terraform?
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I am just curious to know how you’re doing it
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
yeah I do. We use Vault as our source of truth for secrets, and then have a really basic module that copies a Vault Secret -> SSM for when using SSM is easier than Vault for some service
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
We also have a Lambda function that copies keys in bulk from Vault -> SSM, and then in our policies we use a prefix + wildcard for the output of that lambda run
2020-12-10
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Needing help with setting terragrunt to use aws assume role
![Joe Niland avatar](https://secure.gravatar.com/avatar/b90c8e752dd648ef229096c60ba2408f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I use it with awscli and aws-vault
![Joe Niland avatar](https://secure.gravatar.com/avatar/b90c8e752dd648ef229096c60ba2408f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I could try to write a gist
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
That would be nice example to reference if you don’t mind
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Thx Joe
![Joe Niland avatar](https://secure.gravatar.com/avatar/b90c8e752dd648ef229096c60ba2408f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
@Mr.Devops here you go: https://gist.github.com/joe-niland/1b81ab5c8ebf7f8b5e4265af0b71f093
![Joe Niland avatar](https://secure.gravatar.com/avatar/b90c8e752dd648ef229096c60ba2408f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
not sure if that’s what you’re after
![Joe Niland avatar](https://secure.gravatar.com/avatar/b90c8e752dd648ef229096c60ba2408f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I am just using the standard generate “provider” block from terragrunt docs
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I’m having a hard time understanding how to setup assume role
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Hello! Have you seen https://terragrunt.gruntwork.io/docs/features/work-with-multiple-aws-accounts/? If so, do you have any questions that I could expand on?
Learn how the Terragrunt may help you to work with mulitple AWS accounts.
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Thx @David I’ve read it but still a bit lost
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
that makes sense, I remember it took me a while to get it working the first time. What do you have so far? Do you already have a set of IAM Roles you are trying to use?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
And are you trying to get this to work locally, or on a CI system, or both?
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
atm i created an iam user using it’s access key/id whereas i’m calling the keys from ~/.aws/credentials file, but in my code i’m calling it via profile name
remote_state {
backend = "s3"
generate = {
path = "backend.tf"
if_exists = "overwrite_terragrunt"
}
config = {
bucket = "non-production-xxx"
key = "${path_relative_to_include()}/terraform.tfstate"
region = "us-west-2"
profile = "non-prod"
encrypt = true
dynamodb_table = "my-lock-table"
}
}
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i am planning to setup Atlantis with this as well
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Nice! With Terragrunt, that looks like a good setup for assuming a particular profile for looking-up/updating the tfstate, but you’ll also need to assume a role using the provider
block in your terraform code so that the resources you update are created using that same profile
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
yeah that’s the confusing part which i need help with. I never understand how to use assume roles with terraform/terragrunt
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Another question which i do have is when using the remote_state
backend within terragrunt.hcl. Does that need to be included into the source repo of terraform code? or just the root dir of my module?
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
e.g here’s my main module i will use for all env which in terragrunt.hcl it has a terraform block to call the source of my terraform module in github
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
include {
path = find_in_parent_folders()
}
terraform {
source = "[email protected]:PTATH81/terraform-aws-ec2.git//app?ref=v0.0.1"
extra_arguments "common_vars" {
commands = get_terraform_commands_that_need_vars()
arguments = [
"-var-file=non-prod.tfvars"
]
}
}
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Gotcha! There are likely better ways of doing this nowadays after the go aws-sdk fixed up some bugs a few months ago, but my setup that works both locally and on atlantis is:
Have a single .tf
file that I inject into all modules with a generate
block in the parent terragrunt files that contains:
provider "aws" {
profile = var.profile
region = var.region
assume_role {
role_arn = var.role_to_assume
session_name = "terraform"
}
allowed_account_ids = var.allowed_account_ids
}
Then in a separate parent terragrunt file for each environment, I add an input:
role_to_assume = get_env("DEV_IAM_ROLE", "arn:aws:iam::1234567890:role/Sandbox-Admin")
where identity
is the aws-profile for the primary IAM user locally, and that role is the role that will give the local user permissions to do stuff in a given env.
Then on Atlantis, I add the envs from terraform like:
envs = {
...
DEV_IAM_ROLE = dependency.dev_role.outputs.external_role_arn
STAGING_IAM_ROLE = dependency.staging_role.outputs.external_role_arn
PROD_IAM_ROLE = dependency.prod_role.outputs.external_role_arn
COMMONS_IAM_ROLE = dependency.commons_role.outputs.external_role_arn
ATLANTIS_IAM_ROLE = dependency.atlantis_role.outputs.external_role_arn
...
}
It works pretty well
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
tfstate stuff should only go in your parent terragrunt config, so long as you use a generate
field definition inside the remote_state
block of your parent terragrunt config file
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
this is great to see how others are using this. I now have a greater understanding. Atm my .hcl in the root/parent tree is using
remote_state {
backend = "s3"
generate = {
path = "backend.tf"
if_exists = "overwrite_terragrunt"
}
config = {
bucket = "production-tfstate"
key = "${path_relative_to_include()}/terraform.tfstate"
region = "us-west-2"
profile = "non-prod"
encrypt = true
dynamodb_table = "my-lock-table"
}
}
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i plan to use variables in the config
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
thx @David !
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
you are very welcome
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Hi David me again. I ran into an issue
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i’m following the file structure as
├── qa
│ ├── app
│ │ └── terragrunt.hcl
│ ├── mysql
│ │ └── terragrunt.hcl
│ └── vpc
│ └── terragrunt.hcl
and when i ran a plan or apply i get the error Did not find any Terraform files (*.tf) in .terragrunt-cache
although there is many .tf files in my git module
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Interesting, what directory are you running your terragrunt
commands in?
It might be worthwhile to run a quick find . -type d -name ".terragrunt-cache" -prune -exec rm -rf {} \;
from the root of your repo to clear out all the caches and make sure it isn’t just an issue with a corrupted cache
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i’m running it in my app dir
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
after updating my source github url from [email protected]:PTATH81/terraform-aws-ec2.git//app?ref=v0.0.2
to [email protected]:PTATH81/terraform-aws-ec2.git
the error went away but now i get
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
strange..
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I can’t find much about that online unfortunately. What versions of terraform and terragrunt are you using?
Can you try clearing the cache and then running a TF_LOG=trace terragrunt init
and seeing if the extra logs have any helpful hints?
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
terragrunt version v0.23.40
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Terraform v0.14.2
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
let me clear cache
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i also enabled TRACE for TF_LOG
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
here’s what i’m seeing
-----------------------------------------------------
2020/12/10 18:14:20 [DEBUG] [aws-sdk-go] {}
2020/12/10 18:14:20 [WARN] failed to fetch state md5: invalid md5
2020/12/10 18:14:20 [DEBUG] Service discovery for registry.terraform.io at <https://registry.terraform.io/.well-known/terraform.json>
2020/12/10 18:14:20 [TRACE] HTTP client GET request to <https://registry.terraform.io/.well-known/terraform.json>
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
2020/12/10 18:14:20 [DEBUG] GET <https://registry.terraform.io/v1/providers/hashicorp/aws/versions>
2020/12/10 18:14:20 [TRACE] HTTP client GET request to <https://registry.terraform.io/v1/providers/hashicorp/aws/versions>
2020/12/10 18:14:20 [DEBUG] GET <https://registry.terraform.io/v1/providers/hashicorp/aws/3.20.0/download/windows/amd64>
2020/12/10 18:14:20 [TRACE] HTTP client GET request to <https://registry.terraform.io/v1/providers/hashicorp/aws/3.20.0/download/windows/amd64>
2020/12/10 18:14:20 [DEBUG] GET <https://releases.hashicorp.com/terraform-provider-aws/3.20.0/terraform-provider-aws_3.20.0_SHA256SUMS>
2020/12/10 18:14:20 [TRACE] HTTP client GET request to <https://releases.hashicorp.com/terraform-provider-aws/3.20.0/terraform-provider-aws_3.20.0_SHA256SUMS>
2020/12/10 18:14:20 [DEBUG] GET <https://releases.hashicorp.com/terraform-provider-aws/3.20.0/terraform-provider-aws_3.20.0_SHA256SUMS.sig>
2020/12/10 18:14:20 [TRACE] HTTP client GET request to <https://releases.hashicorp.com/terraform-provider-aws/3.20.0/terraform-provider-aws_3.20.0_SHA256SUMS.sig>
- Installing hashicorp/aws v3.20.0...
2020/12/10 18:14:20 [TRACE] providercache.Dir.InstallPackage: installing registry.terraform.io/hashicorp/aws v3.20.0 from <https://releases.hashicorp.com/terraform-provider-aws/3.20.0/terraform-provider-aws_3.20.0_windows_amd64.zip>
2020/12/10 18:14:20 [TRACE] HTTP client GET request to <https://releases.hashicorp.com/terraform-provider-aws/3.20.0/terraform-provider-aws_3.20.0_windows_amd64.zip>
2020/12/10 18:14:21 [DEBUG] Provider signed by 51852D87348FFC4C HashiCorp Security <[email protected]>
Error: Failed to install provider
Error while installing hashicorp/aws v3.20.0: open
.terraform\providers\registry.terraform.io\hashicorp\aws.20.0\windows_amd64\terraform-provider-aws_v3.20.0_x5.exe:
The system cannot find the path specified.
[terragrunt] 2020/12/10 18:14:21 Hit multiple errors:
exit status 1
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
terragrunt does not, technically, yet support tf 0.14, so you may be layering one problem on another…
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
ah
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
let me rollback the ver i have
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
thx @loren
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
what ver do you recommend ?
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
v0.13.5 ok?
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
if you check their github issues, they are tracking it. it’s just a bit too new still for them to claim support. the issues indicate some folks have gotten it to work, but with caveats. i haven’t tried yet myself, so am unsure of exactly what caveats
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
yeah, i use terragrunt with tf 0.13.5 regularly
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
and if nothing else, terragrunt 0.25.0 was the first to even support terraform 0.13.x.
FWIW, I use v0.25.4 with terraform 0.14.1 with no issues, and run it against ~600 modules
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
sweet you guys are awsome
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i will let you know how it goes
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i still ran into the issue, but did notice @loren comment on this from https://github.com/gruntwork-io/terragrunt/issues/581
(updating the env TERRAGRUNT_DOWNLOAD path which does do away with the error. But once removed again the error is the same. @David what system are you running terragrunt on? I’m on windows.
This issue is to keep track of the errors encountered while running tests on Windows Filename too long — FAIL: TestLocalWithRelativeExtraArgsWindows (2.42s) integration_test.go Failed to ru…
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
cutting down the dir structure helped for now.
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
oh you’re on windows. yes, it is just about mandatory to set TERRAGRUNT_DOWNLOAD. it’s not bullet proof but helps a lot
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
an even better option is to use WSL and avoid the path issue entirely
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
what system are you running terragrunt on?
Locally, I’m on a mac, and our Atlantis runs on AmazonLinux2. My only windows experience is some testing on the https://github.com/transcend-io/terragrunt-atlantis-config library I maintain, but I’m not super experienced with it.
Generate Atlantis config for Terragrunt projects. Contribute to transcend-io/terragrunt-atlantis-config development by creating an account on GitHub.
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Unfortunately Yes windows as we use aws workspaces and I’m afraid it doesn’t support wsl
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
use session manager to connect to a linux dev box or try cloud9…
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
or use vs code with the remote ssh plugin…
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
thx for the tip @loren
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
hi Guys sorry to bother again. What is the preferred location to store your backend terragrunt.hcl file? Should i include that in the root dir of my terraform module (this is located in it’s own separate git repo)? Or should I include it in my environment module (this is also in it’s own separate git repo)?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
by “backend terragrunt.hcl file” are you referring to the parent config file that the other child modules include
?
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
yes the parent which the child module has when using
include {
path = find_in_parent_folders()
}
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
hmm, I’m not sure on the best practice here. I use a monorepo for all my config, so I have the parent files at the root of the git repo. I would think that there would be some implications with Atlantis if you put the config file in a separate repo, which might complicate things
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i see - at first i was too also using monorepo which works great, but i figured “what if” i try it this way….
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i wonder if folks out there may have come across the path i’m looking towards here too
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
thx again @David and happy Monday!
2020-12-11
2020-12-14
2020-12-15
![NVMeÐÐi avatar](https://secure.gravatar.com/avatar/1dbd0f857d2fc836ccead173a6ea7752.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
anyone have example code of best standards for handling route53 with terragrunt?
2020-12-16
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
Interested in knowing how others are doing testing changes locally before pushing to a remote, in particular ones that support plan-all/apply-all commands
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
currently I use --terragrunt-source
with a path directly to the module which I would like to apply local changes to
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
this doesn’t work well for a plan all scenario, terragrunt will complain that it isn’t able to find modules for the other terragrunt modules
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
--terragrunt-source
~/dev/work/forks/example-infrastructure-modules//example-service
for example
![michaelssingh avatar](https://secure.gravatar.com/avatar/b962c2c6665b86151f6cff2a5b0c34b1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
I have tried just passing the path to the module folder but ran into errors
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
has anyone run into this issue when running terragrunt plan
Failed to get existing workspaces: S3 bucket does not exist
![Mr.Devops avatar](https://secure.gravatar.com/avatar/08ee0e17bf9f082a078a410ed711b0a7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
running terragrunt plan
does create the bucket for me but yet it’s stating it cannot find an existing bucket. The only way to get around this is if i wack out the .terragrunt-cache dir
2020-12-23
![tim.davis.instinct avatar](https://avatars.slack-edge.com/2020-12-16/1587108216052_575000f28ef3231c54d6_72.jpg)
Hey all, just wanted to make sure it was put here for anyone who didn’t see it on the Office-Hours this past week. Remote-Run support for Terragrunt is now available in env0!: https://www.env0.com/blog/terragrunt-release
![attachment image](https://assets.website-files.com/5dc3f52851595b160ba99670/5fe0c0ef8f5ffef5fc1f587b_key-features-terraform-code-dry.png)
Hello, env0 and Terragrunt fans alike! It’s new-feature-day, yet again! But this time, we have something really special for you. We’re giving you the ability to completely change the game on the Infrastructure as Code files that you use to deploy and manage environments with our platform! Introducing remote-run support for Terragrunt workflows, now available in env0!
![party_parrot](/assets/images/custom_emojis/party_parrot.gif)